Hi folks,
I am trying to discover how graylog is making the rotation on indices when policy rotation is configured ontime et every day.
In deed, I am doing a rotation every day (P1D) with a retention of 91 days.
Please don’t tell me that rotation is 24 hours after the first log.
I am in western Europe (France), and I noticed that rotation is done at 2 AM ( Midnight UTC time).
But I need to do it at midnight (French time).
Can someone help me please ?
Hey @m05lim5h4d0w,
this is not possible I’m afraid. Graylog heavily uses UTC internally, so I guess there won’t be any luck for that. But better wait for a more qualified response from the Graylog team itself 
Greetings - Phil
Thank you @derPhlipsi for your response.
I will wait for our great team @Graylog_staff for a final response.
Have you looked into changing the internal timezone?
Our system is on a Linux VM, by changing ‘root_timezone = Europe/London’ in the graylog.conf file.
You can check the timezone that: your user is on, your browser is on and your server is on. This information can be found in the system/overview page on the web interface.
Regards,
G
Hey @GTownson,
this is actually the timezone for the admin/root user and his display of for example timestamps only. The underlying Graylog System does not rely on that afaik 
Greetings - Phil
Sorry guys for this message, can someone help me please ?
@jochen thanks for your response.
No this is not a response, I am asking about the possibility to change internal graylog time from UTC to GMT+2.
But it seems that it is not possible… is there a plan to modify it and have elasticsearch indexed with correct timezone ? Wen need to manipulate elastic search indexes and have time rotation from graylog @ midnight GMT+2 and not UTC.
Thanks for your response.
You could create a cronjob and trigger an index cycle via the Graylog REST API.
Thank you but if I rotate @ midnight gmt+2 graylog will rotate @2am gmt+2 right ?
Tarek
No, Graylog will check the age of the index and not rotate if it’s younger than the configured rotation time.
Thank you I am coing to test this now with hour rotation.
Hello!
Same problem. I have tried to rotate manually an index configured with hour rotation, but there is rotation each hour, even the manual rotate is younger than 1 hour
Same for us.
If there is someone from Graylog team who can explain us… it would be great.
Thanks.
Hi,
it’s only an idea, but, as @jochen said, you can use manual rotation with cronjob and set index rotation by size with high size value. I think doing this GL will never “auto-rotate” index if your cronjob rotate it first.
Am i wrong?
Hope this helps. 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
